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DETAILED ACTION 

1 . This Office Action is in response to the application 10/576,250 filed on 04/1 8/2006. 

2. As per the Preliminary Amendment filed on 04/1 8/2006, claims 1-36 were canceled; claims 
37-72 have been added. Claims 37-72 have been examined and are pending. 

This Action is made Non-Final. 

Specification 

3. The disclosure is objected to because the abstract exceeds 150 words. Applicant is 
reminded of the proper language and format for an abstract of the disclosure. 

The abstract should be in narrative form and generally limited to a single paragraph 
on a separate sheet within the range of 50 to 150 words. It is important that the abstract 
not exceed 150 words in length since the space provided for the abstract on the computer 
tape used by the printer is limited. The form and legal phraseology often used in patent 
claims, such as "means" and "said," should be avoided. The abstract should describe the 
disclosure sufficiently to assist readers in deciding whether there is a need for consulting 
the full patent text for details. 

The language should be clear and concise and should not repeat information given in 
the title. It should avoid using phrases which can be implied, such as, "The disclosure 
concerns," "The disclosure defined by this invention," "The disclosure describes," etc. 
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Claim Rejections - 35 USC §101 

3. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, 
or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

4. Claims 37-51 and 72 are rejected under 35 U.S.C. 101 as being directed to non-statutory 
subject matter. 

• Regarding claim 37, the claim invention is not directed to eligible subject 
matter under 35 U.S.C. § 101 in view of In Re Bilski, 88 USPQ2d 1385. While the claims 
recite a series of steps or acts to be performed, a statutory "process" under 35 U.S.C. 101 
must (1) be tied to particular machine, or (2) transform underlying subject matter (such as 
an article or material) to a different state or thing (See In Re Bilski, 88 USPQ2d 1385; see 
also Diamond v. Diehr, 450 U.S. 175, 184 (1981); Parker v. Flook, 473 U.S. 584, 588 n.9 
(1978); Gottschalk v. Benson, 409 U.S. 63, 70 (1972); Cochrane v. Deener, 94 U.S. 780, 
787-88 (1976)); The instant claims are neither positively tied to a particular machine that 
accomplishes the claimed method steps nor transform underlying subject matter. The 
method claimed including steps of "providing a test system, " "directing at least a part of 
said communication ... toward to said test system, " "blocking the communication, " and 
"allowing communication, " is broad enough that the claim could be completely performed 
mentally, verbally or without a machine nor is any transformation apparent; Therefore, the 
claimed invention is directed to non-statutory subject matter. The mere recitation of the 
machine in the preamble with an absence of a machine in the body of the claim fails to 
make the claim statutory under 35 USC 101. 
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• Regarding claims 38-51, claims 38-51 are also rejected under 35 U.S.C. 101 as 
being directed to non- statutory subject matter for the same reasons. 

• Regarding claim 72, claim 72 is rejected under 35 U.S.C. 101 as non-statutory, 
because the claimed invention is implemented as functional descriptive material per se. "A 
computer program " recites in the claim is functional descriptive material per se. When 
functional descriptive material is recorded on some computer-readable medium, it becomes 
structurally and functionally interrelated to the medium and will be statutory in most cases 
since use of technology permits the function of the descriptive material to be realized. 
Compare In re Lowry, 32 F.3d 1579, 1583-84, 32 USPQ2d 1031, 1035 (Fed. Cir. 
1994)(discussing patentable weight of data structure limitations in the context of a statutory 
claim to a data structure stored on a computer readable medium that increases computer 
efficiency) and Warmerdam, 33 F.3d at 1360-61, 31 USPQ2d at 1759 (claim to computer 
having a specific data structure stored in memory held statutory product-by-process claim) 
with Warmerdam, 33 F.3d at 1361, 3 1 USPQ2d at 1760 (claim to a data structure per se 
held nonstatutory). In this case, "a program " recites in the claims is not recorded/stored on 
any computer-readable medium. Therefore, the claim is directed non-statutory subject 
matter. 
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Claim Rejections - 35 USC §102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S. C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or 
on sale in this country, more than one year prior to the date of application for patenl in the United States. 

6. Claims 37-39, 46-51, 54-56, 63-68, and 71-72 are rejected under 35 U.S.C. 102(b) as 

being anticipated by Baehr et al., (hereinafter "Baehr"), U.S. Patent No. 5,878,231, issued 
on March 02, 1999. 

• Regarding claim 37, Baehr discloses a method of preventing intrusion in 
communication traffic with a set of machines in a network, said traffic comprising 
communication entities (col. 3, lines 16-50; Figs. 4-6; proxy network 430; col. 4, lines 64- 
67; Fig. 7; proxy network 445 implemented on screening system 340), comprising the steps 
of: 

providing a test system comprising test facilities replicating at least one of said 
machines in said set (col. 4, lines 27-40; col. 4, lines 50-63; Figs. 5-6; proxy network 
430/445 includes a virtual host mirroring (or acting as proxy for) each of a subset (or all) 
of the hosts found on the private network 330; col. 4, lines 64-67; Fig. 7; screening system 
340 that includes proxy network 445 is known as test system); 

directing at least part of said communication entities in said traffic toward said 
test system (col. 4, lines 57-60; Figs. 4-7; when a user attempts to access a service or host 
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of the private network, the request may be shunted aside to the proxy network to either a 
mirroring proxy host or a unique proxy host; see also col. 6, lines 30-36); 

running said communication entities directed toward said test system on said test 
facilities to detect possibly adverse effects on said test system (col. 4, lines 57-60; col. 6, 
lines 30-36; col. 10, lines 11-34; Fig. 11; wherein at least steps 930, 970, and 990-1010), 
and 

i) in the presence of an adverse effect, blocking the communication entities 
leading to said adverse effect (col. 10, lines 19-34; Fig. 11; step 970: 'block connection '), 
and 

ii) in the absence of an adverse effect, allowing communication with said set of 
machines for the communication entities failing to lead to said adverse effect (col. 10, lines 
19-34; Fig. 1 1; steps 990: 'create connection' and 1010: 'check connection'). 

• Regarding claim 38, Baehr discloses the method of claim 37, wherein said at 
least part of said communication entities directed toward said test system include 
communication entities from traffic bound toward said set of machines (col. 4, lines 57-60; 
col. 6, lines 30-36; Figs. 4-7). 

• Regarding claim 39, Baehr discloses the method of claim 37, wherein said at 
least part of said communication entities directed toward said test system include 
communication entities from traffic coming from said set of machines (col. 4, lines 41-49; 
Figs. 4-7). 
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• Regarding claim 46, Baehr discloses the method of claim 37, comprising, in the 
presence of said adverse effect, the step of subjecting to a resetting step those of said test 
facilities in said test system affected by said adverse effect (col. 6, lines 37-67 to col. 7, 
lines 1-7; packet is either blocked or allowed depending on predetermined criteria and/or 
predefined table). 

• Regarding claim 47, Baehr discloses the method of claim 37, wherein the 
machines in said set comprise facilities exposed to said adverse effect as well as additional 
contents, comprising the step of configuring said test facilities in order to replicate said 
facilities exposed to said adverse effect in the machines in said set (col. 6, lines 37-59; col. 
7, lines 55-63; packets, especially failed attempts or requests, are logged in the log file 
storage 640). 

• Regarding claim 48, Baehr discloses the method of claim 37, comprising the 
step of inhibiting said test machines in said test system from providing responses to said 
traffic (col. 7, lines 16-24; packets from any other source will be dropped without further 
action). 

• Regarding claim 49, Baehr discloses the method of claim 37, comprising the 
steps of: 

providing an in-line component ensuring said traffic with said set of machines 
(col. 3, lines 59-64; Figs. 5-9; packet screening system 340 and network interface 1); and 
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providing at least one interface interfacing said in-line component with said test 
system (col. 3, lines 59-64; Figs. 5-9; packet screening system 340 and network interface 
2). 

• Regarding claim 50, Baehr discloses the method of claim 49, comprising the 
step of providing feedback from said test system to said in-line component via said at least 
one interface (col. 4, lines 33-67 to col. 5, lines 1-14; Fig. 5-7; screening system 340, 
network interface 2, and proxy network 430). 

• Regarding claim 51, Bachr discloses the method of claim 49, comprising the 
steps of: 

providing a management network for managing said test system (col. 7, lines 13- 
24; administrator is ale to select security protocol and predefined criteria for packet 
filtering/processing); and 

providing feedback from said test system to said in-line component via said 
management network (col. 7, lines 13-24; administrator is ale to select security protocol 
and predefined criteria for packet filtering/processing). 

• Regarding claims 54-56, claims 54-56 are similar in scope to claims 37-39 
respectively, and are therefore rejected under similar rationale. 

• Regarding claims 63-68, claims 63-68 are similar in scope to claims 46-5 1 
respectively, and are therefore rejected under similar rationale. 
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• Regarding claim 71, claim 71 is similar in scope to claim 54 and is therefore 
rejected under similar rationale. 

• Regarding claim 72, claim 72 is similar in scope to claim 37 and is therefore 
rejected under similar rationale. 



Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

8. This application currently names joint inventors. In considering patentability of the claims 
under 35 U.S.C. 103(a), the examiner presumes that the subject matter of the various claims 
was commonly owned at the time any inventions covered therein were made absent any 
evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1 .56 to point 
out the inventor and invention dates of each claim that was not commonly owned at the time 
a later invention was made in order for the examiner to consider the applicability of 35 
U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) prior art under 35 U.S.C. 103(a). 
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9. Claims 40-45, 52-53, 57-62, and 69-70 are rejected under 35 U.S.C. 103(a) as being 

unpatentable over Baehr, as applied to claim 37 above, in view of Ramsey et al, (hereinafter 
"Ramsey"), U.S. Patent No. 7,331,061, filed on September 07, 2001. 

• Regarding claim 40, Baehr discloses the method of claim 37. 

Baehr does not explicitly discloses providing a data base comprising patterns 
representative of forbidden communication entities for communication with said set of 
machines; and blocking forbidden communication entities in said traffic as identified by 
respective patterns included in said data base. 

However, in an analogous art, Ramsey discloses an integrated computer security 
management method including steps of providing a data base comprising patterns 
representative of forbidden communication entities for communication with said set of 
machines (Ramsey: col. 3, lines 35-38; col. 4, lines 43-49; col. 5, lines 38-47; col. 18, lines 
29-55; Fig. 5, wherein at least steps 542: signature match? Y/N and profile match: Y/N); 
and blocking forbidden communication entities in said traffic as identified by respective 
patterns included in said data base (Ramsey: col. 3, lines 35-38; col. 4, lines 43-49; col. 5, 
lines 38-47; col. 17, lines 20-35; Fig. 5; wherein at least steps 514/528/652: deny/reject? 
Y/N). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to combine the teaching of Ramsey with the method and 
system of Baehr to include steps of providing a data base comprising patterns 
representative of forbidden communication entities for communication with said set of 
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machines; and blocking forbidden communication entities in said traffic as identified by 
respective patterns included in said data base to provide user with a means for managing 
security information with parallel processing, serial processing, or singular processing by a 
firewall, and IDS, and an AVS (Ramsey: col. 2, lines 63-67). 

• Regarding claim 41, Baehr discloses the method of claim 37. 

Baehr does not explicitly disclose providing a further data base comprising 
patterns representative of allowed communication entities for communication with said set 
of machines; and allowing communication of allowed communication entities in said 
traffic as identified by respective patterns included in said further data base. 

However, in an analogous art, Ramsey discloses an integrated computer security 
management method including steps of providing a further data base comprising patterns 
representative of allowed communication entities for communication with said set of 
machines (Ramsey: col. 3, lines 35-38; col. 4, lines 43-49; col. 5, lines 38-47; col. 18, lines 
29-55; Fig. 5, wherein at least steps 538: compare packet/copy to IDS signature and 542: 
signature match? Y/N and profile match: Y/N); and allowing communication of allowed 
communication entities in said traffic as identified by respective patterns included in said 
further database (Ramsey: col. 3, lines 35-38; col. 4, lines 43-49; col. 5, lines 38-47; col. 
1 7, lines 20-35; Fig. 5; wherein at least steps : compare packet/copy to IDS signature; 
552: trust? Y/N and 514/528/652: deny/reject? Y/N). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to combine the teaching of Ramsey with the method and 
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system of Baehr to include steps of providing a further data base comprising patterns 
representative of allowed communication entities for communication with said set of 
machines; and allowing communication of allowed communication entities in said traffic 
as identified by respective patterns included in said further data base to provide user with a 
means for managing security information with parallel processing, serial processing, or 
singular processing by a firewall, and IDS, and an AVS (Ramsey: col. 2, lines 63-67). 

• Regarding claim 42, Baehr and Ramsey disclose the method of claim 40. 
Baehr and Ramsey further disclose detecting unknown communication entities in 

said traffic as identified by respective unknown patterns not included in said data base 
(Baehr: col. 7, lines 13-29; packages from (or to) any other source (unknown source) will 
be dropped; Ramsey: Fig. 5; wherein at least step 542: profile match? Y/N'); and 
directing said unknown communication entities in said traffic as identified by respective 
unknown patterns not included in said data base toward said test system to be run on said 
test facilities to detect possibly adverse effects on said test system (Baehr: col. 4, lines 57- 
60; Figs. 4-7; requests from public network will be forwarded to proxy network; see also 
col. 6, lines 30-36; Ramsey: Fig. 5; wherein at least step 542: 'profile match? Y/N'). 

• Regarding claim 43, Baehr and Ramsey disclose the method of claim 42. 
Baehr further discloses in the presence of said adverse effect, the step of adding 

to said data base the respective pattern identifying the communication entity leading to said 
adverse effect (Baehr: col. 6, lines 37-59; col. 7, lines 55-63; packets, especially failed 
attempts or requests, are logged in the log file storage 640). 
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• Regarding claim 44, Baehr and Ramsey disclose the method of claim 4 1 . 
Baehr and Ramsey further disclose detecting unknown communication entities in 

said traffic as identified by respective unknown patterns not included in said further data 
base (Baehr: col. 7, lines 13-29; unknown packets are determined by predetermined 
criteria; Ramsey: Fig. 5; wherein at least steps 512 and 552: determine if packet is 
trusted? Y/N); and 

directing said unknown communication entities in said traffic as identified by 
respective unknown patterns not included in said further data base toward said test system 
to be run on said test facilities to detect possibly adverse effects on said test system (Baehr: 
col. 4, lines 57-60; Figs. 4-7; requests from public network will be forwarded to proxy 
network; see also col. 6, lines 30-36). 

• Regarding claim 45, Baehr and Ramsey disclose the method of claim 44. 
Baehr and Ramsey further disclose in the absence of said adverse effect, the step 

of adding to said further data base the respective pattern identifying the communication 
entity failing to lead to said adverse effect (Baehr: col. 7, lines 13-29; unknown packets are 
determined by predetermined criteria; Ramsey: col. 12, lines 63-67 to col. 13, lines 1-3; 
updating IDS configuration and/or signature files). 

• Regarding claim 52, Baehr and Ramsey disclose the method of claim 43. 
Ramsey further discloses providing a parallel intrusion preventing arrangement 

including a respective data base including patterns representative of respective forbidden 
communication entities for communication with a respective set of machines (Ramsey: col. 
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16, lines 23-30; parallel processing occurs where the IDS 255 processes the copied packet 
while the actual packet is processed by the firewall 225); and 

in the presence of said adverse effect, transmitting to said parallel intrusion 
preventing arrangement, for inclusion in said respective data base, the respective pattern 
identifying the communication entity leading to said adverse effect (Ramsey: col. 16, lines 
23-60; decision step 512, it is determined whether a packet is 'trusted'). 

• Regarding claim 53, Baehr and Ramsey disclose the method of claim 45. 
Ramsey further discloses providing a parallel intrusion preventing arrangement 

including a respective further data base including patterns representative of respective 
allowed communication entities for communication with a respective set of machines 
(Ramsey: col. 16, lines 23-30; col. 19, lines 8-34; parallel processing occurs where the IDS 
255 processes the copied packet while the actual packet is processed by the firewall 225); 
and 

in the absence of said adverse effect, transmitting to said parallel intrusion 
preventing arrangement, for inclusion in said respective further data base, the respective 
pattern identifying the communication entity failing to lead to said adverse effect (Ramsey: 
col. 16, lines 23-60; col. 19, lines 8-34; decision step 512, it is determined whether a 
packet is 'trusted'). 

• Regarding claims 57-62, claims 57-62 are similar in scope to claims 40-45 
respectively, and are therefore rejected under similar rationale. 
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• Regarding claims 69-70, claims 69-70 are similar in scope to claims 52-53 
respectively, and are therefore rejected under similar rationale. 



Conclusion 

10. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

U.S. Patent Publication No. US 2002/0069356 by Kim. 

U.S. Patent Publication No. US 2005/0005031 by Gordy et al. 

1 1 . Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Luu Pham whose telephone number is 571-270-5002. The examiner 
can normally be reached on Monday through Friday, 7:30 AM - 5:00 PM (EST). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel L. Moise can be reached on 571-272-3865. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status information 
for unpublished applications is available through Private PAIR only. For more information 
about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on 
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access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866- 
217-9197 (toll-free). If you would like assistance from a USPTO Customer Service 
Representative or access to the automated information system, call 800-786-9199 (IN USA 
OR CANADA) or 571-272-1000. 

/Luu Pham/ 

Examiner, Art Unit 2437 
/Emmanuel L. Moise/ 

Supervisory Patent Examiner, Art Unit 2437 



